Information access systems are not completely secure. They are susceptible to denial attacks and intrusion attacks. Being able to assess the security of an information access system is important when deciding which one to use.
Prior art methods of assessing security of information access systems include a method of receiving security information, categorizing it, scoring it, and determining the level of security. The result only produces a low, medium, or high assessment. Another method scans remote systems and surveys them for aspects that may have security vulnerabilities. The result is only a table for each remote system listing those aspects.
Assigning a real and objective measure of the security of an information access system is not addressed in the prior art. In the prior art, the resulting security assessment is subjectively qualified as low, medium or high. The prior art does not discuss the trade-offs of favoring one aspect the security over another. Other prior art simply scans remote computers and returns vulnerability aspects of the system. The result is just a table with the configuration of the system. Again, it produces no objective security measure. Therefore, there is a need for a method to objectively assess the security of an information access system. The present invention does just that.
U.S. Pat. Appl. No. 20060129810 A1, entitled “METHOD AND APPARATUS FOR EVALUATING SECURITY OF SUBSCRIBER NETWORK,” discloses a method of receiving information regarding a subscriber network. That information is then classified and given scores. Those scores result in the subscriber network being given security vulnerability levels of low, medium or high. U.S. Pat. Appl. No. 20060129810 A1 is hereby incorporated by reference into the specification of the present invention.
U.S. Pat. No. 7,328,454, entitled “SYSTEMS AND METHOD FOR ASSESSING COMPUTER SECURITY,” discloses a method for identifying the aspects of a system vulnerable to an attack. A system scans remote systems and checks for aspects known to be vulnerable to an attack. The result is simply a list of possible components where each remote system could be attacked. U.S. Pat. No. 7,328,454 is hereby incorporated by reference into the specification of the present invention.